NIAP: Compliant Product
Compliant Product - Forescout v8.1

Certificate Date:  2020.03.16

Validation Report Number:  CCEVS-VR-VID11008-2020

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

Forescout is a network device that enables network access control, threat protection, and compliance across the entire enterprise based on network security policies. The network device product type is justified because Forescout provides an infrastructure role in the internetworking of different network environments across an enterprise.

Evaluated Configuration

The TOE is Forescout that runs the Forescout software version 8.1.

In its evaluated configuration, the TOE is configured to directly communicate with the following environment components:

  • Management Workstation: Any general-purpose computer that is used by a Security Administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires either an SSH client to access the CLI or the Forescout Console GUI application to be installed.
  • Active Directory (AD) Server: A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory. In the evaluated configuration, the TOE connects to a server with Microsoft Active Directory for its remote authentication store.
  • Syslog Server: The TOE connects to a Syslog Server to send Syslog messages for remote storage via TLS connection where the TOE is the TLS client. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes.
  • OCSP Responder: A server deployed within the Operational Environment which confirms the validity and revocation status of certificates.
  • Network Infrastructure: The network infrastructure contains components such as routers, switches, DNS server, etc.


Additionally, the following environment component was required for trusted update functionality:

  • Update Server: A general-purpose computer controlled by the vendor that includes a web server and is used to store software update packages that can be retrieved by product customers using an HTTPS/TLS-enabled browser or the Console. The host of the Forescout Console application provides the secure channel and not the TOE. The TOE does not directly communicate with the update server. The TOE receives the update from the Forescout Console.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Forescout was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Forescout Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in March 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11008-2020 prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE contains mechanisms to generate audit data to record predefined events on the TOE. The audit logs are stored in an internal database on the TOE’s local hard drive. An authorized administrator has the ability to enable/disable the forwarding of events to a syslog server. In the evaluated configuration, the audit data is also securely transmitted to the syslog server using a TLS v1.2 communication channel.

Cryptographic Support

The TOE provides cryptography in support of SSH and TLS (v1.2) trusted communications. Two different cryptography software packages are included with the TOE: Bouncy Castle and OpenSSL. Bouncy Castle uses a hash DRBG and OpenSSL uses a CTR DRBG to provide the random bit generation services with 256 bits of entropy. OpenSSL provides all RSA key generation, which is implemented in accordance with FIPS 186-4. Both OpenSSL and Bouncy Castle provide RSA key establishment, which is implemented in accordance with RSAES-PKCS1-v1_5. OpenSSL provides Diffie-Hellman group 14 (FFC) key generation and Diffie-Hellman group 14 key establishment, both implemented in accordance with RFC 3526, Section 3. Keys are destroyed when no longer used. AES (CBC and GCM), SHA, HMAC, and RSA are used by the TOE for encryption, hashing, message authentication, and digital signatures, respectively. The cryptographic implementation has been validated to ensure that the algorithms are appropriately strong for use in trusted communications: OpenSSL: C933 and Bouncy Castle: C944.

Identification and Authentication

The TSF provides a configurable number of maximum consecutive authentication failures that are permitted by a user. Once this number has been met, the account is locked for a configurable time interval or until the Security Administrator manually unlocks the account.

The TOE provides local password authentication as well as the ability to securely connect to an Active Directory server for the authentication of users. Communications over this interface are secured using TLS, in which the TOE acts as a client. The TOE enforces the use of X.509 certificates to support authentication for TLS connections. The only function available to an unauthenticated user is the ability to acknowledge a warning banner. Passwords that are maintained by the TSF can be composed of upper case, lower case, numbers and special characters. The Security Administrator can define the password length between 15 and 30 characters.

Security Management

The TOE can be administered locally and remotely and uses role-based access control to prevent unauthorized management. The TOE enforces role-based access control (RBAC) to prevent/allow access to TSF data and functionality. The TOE has one pre-defined role: “Admin”. The user permissions for the “Admin” role cannot be modified or customized. A user assigned the “Admin” role is the TOE administrator (Security Administrator) and has access to all Console tools and features. All other users that do not have the full set of administrative permissions are categorized as a “Console User”. A Console User’s set of permissions is set during creation and can be customized by adding and subtracting specific permissions to allow or disallow the user access to TOE functionality.

Protection of the TSF

The TOE is expected to ensure the security and integrity of all data that is stored locally and accessed remotely. Passwords are not stored in plaintext. The cryptographic module prevents the unauthorized disclosure of secret cryptographic data. The TOE does not support automatic updates. An administrator has the ability to query the TOE for the currently executing version of the TOE software and is required to manually initiate the update process from the Console. The TOE automatically verifies the digital signature of the software update prior to installation. If the digital signature is found to be invalid for any reason the update is not installed. If the signature is deemed invalid, the administrator will be provided a warning banner that allows the administrator to continue with the installation or abort. There is no means for an administrative override to continue the installation if the signature is completely missing. The TOE implements a self-testing mechanism that is automatically executed during the initial start-up and can be manually initiated by an administrator after authentication, to verify the correct operation of the product and cryptographic modules. The TOE provides its own time via its internal clock.

TOE Access

The TOE displays a configurable warning banner prior to its use. Inactive sessions will be terminated after an administrator-configurable time period. Users are allowed to terminate their own interactive session. Once a remote session has been terminated, the TOE requires the user to re-authenticate to establish a new session. Local and remote sessions are terminated after the administrator-configured inactivity time limit is reached.

Trusted Path/Channels

Users can access a CLI for administration functions remotely via SSH (remote console) or a local physical connection (local console) to the TOE. The TOE provides the SSH server functionality. The Console is the main administrator interface, which is running on a separate Windows PC and requires the use of TLS to communicate with the TOE.

The TOE acts as a TLS client to initiate the following secure paths to:

  • User Authentication (Active Directory)
  • Auditing (Syslog)

The TOE acts as a TLS server and receives requests to establish the following secure paths from:

  • Forescout Console

Vendor Information

Forescout Technologies
Tal Rabinovitch